Hackers, phishers targeting Kiwis

Thousands of taxpayers have been targeted by international
scammers as criminal syndicates take advantage of
ever-advancing computer technology.

Cyber attacks have been identified as one of the key threats
from organised crime in New Zealand and around the globe.

Bank accounts, credit cards, home addresses, medical records,
IRD numbers, drivers' licences, birthdates even state secrets
- all are at risk in the online age where they can be stolen
through a computer on the other side of the world.

Security experts say it is impossible to know how many cyber
attacks occur in New Zealand. But figures released by the
Inland Revenue Department show that more than 5000 "phishing"
attempts have been reported since the first in September
2010.

The IRD brand was used in 103 different phishing scams and
each one promised a tax refund to attempt to obtain either
online banking logon details or credit card information,
according to the documents released under the Official
Information Act.

"In a more sinister tactic, the hackers use special tools to
scan for home computers which have holes in their security,"
according to an internal IRD security memo.

Without the computer owner's knowledge, the home computer is
then used to serve the phishing website to the internet.

"The phishers cast their bait by obtaining a list of email
addresses, which can be bought for a small fee in hacker
forums. We uncovered one of these lists left on one of the
hacked computers. It had 12,000 NZ-based email addresses."

The IRD said it had no way to determine the number of
instances where online banking details or credit card
information has been provided to the phisher.

None of the major banks contacted by the Herald - ANZ,
Westpac, ASB, BNZ - would release exact details but all said
attacks were rising.

Most were unsuccessful but a cyber group sending thousands of
phishing emails every day needs only a small strike rate to
be successful.

The threat of cyber crime has been recognised as a key area
in government strategy papers and led to the establishment of
a specialist centre within the Government Communications
Security Bureau.

There is also an intelligence group inside the Department of
the Prime Minister and Cabinet which has a co- ordination
role.

"Criminals are increasingly using cyberspace to gain access
to personal information, steal intellectual property and gain
knowledge of government-held information for financial or
political gain or other malicious purposes," wrote Cabinet
Minister Steven Joyce in the National Cyber Security Strategy
paper. "National borders present no barrier."

The report estimates that 70 per cent of New Zealanders have
been targets of some form of cyber crime, with most common
complaints being computer scams, fraud and viruses or
malware.

Of those, international data suggested 133,000 individuals
fell prey to identity or bank fraud. Criminals are also
finding increasingly sophisticated ways to obtain information
online, including using social networking sites such as
Facebook and Twitter.

Users of the popular sites are being lured to other websites
to put malware on the computer, or exploit the profile
information (birthdates, phone numbers, employment details)
to mount targeted attacks.

The boom in online shopping has led to problems too.

The Herald has revealed that scammers from Indonesia, Nigeria
and eastern Europe sent "phishing" emails to Trade Me users,
pretending they were from the online auction site and asking
for personal details.

And in 2010, the FBI and Romanian authorities arrested 70
individuals from three separate syndicates for an online
auction scam targeting eBay users.

The fraud netted more than $2 million from 800 victims in 11
countries, including New Zealand.

Paul Stokes is a senior executive at Wynyard Group, a New
Zealand company whose intelligence and investigative software
is used by dozens of law enforcement agencies around the
world.

He said it was impossible to tell how many cyber attacks
there were in New Zealand each day and malware "remains the
greatest problem, but not the real threat".

"The real threat is the individual or organised crime network
operating the malware and their agenda. Today, that agenda
can include financial gain, identity theft, theft of state
secrets or intellectual property."

Power or phone bills can be used to track personal details,
or commit identity theft to open bank accounts and obtain
loans. Medical records are used to commit insurance fraud,
dates of birth for identity theft, as well as credit card
details.

"The list is endless," said Mr Stokes.

"What is rapidly changing, however, is how these lists are
accumulated, aggregated with other information and sold
through online underworld networks to facilitate crimes
against New Zealanders from anywhere in the world."